Secret information record medium, secret information protection method, secret information protective storing method, and system for reporting emergency such as theft or confinement when secret information is accessed

ABSTRACT

Disclosed are protection of secret information including an encryption key and a system for reporting an emergency such as theft or confinement when secret information is accessed. Secret information includes a large quantity of decoy data and a piece/pieces of true and correct data mixed into the decoy data. The secret data including the decoy data and the true and correct data is two-dimensional code data the code of which is composed of groups of cells having different areas. The positions and order of storage of the true and correct data dispersedly mixed in the decoy data are determined and reported to the user. The user adds a predetermined alerting signal when inputting the password to tell that the user is under control of a third party. The system can detect the alerting signal and know that the user is in an abnormal state, performs normal identification procedures, and takes protection/preservation measures. Part of decoy data is specified as confinement report data and added to the true and correct data. Consequently at least a piece of confinement report data is included and therefore the user himself is judged to be under control of the third party. Then the user is identified and a confinement report alert is issued.

TECHNICAL FIELD

[0001] The present invention relates to security of secret informationincluding cryptographic keys. In addition, the present invention relatesto a protection system (for example, emergency conditions informingsystem) for use of secret information including cryptographic keys (forexample, use of user authentication passwords).

[0002] More particularly, the present invention relates to security ofsecret information including cryptographic keys (such as personalidentification information for user authentication, informationindicating a particular authorized user to enter an information controlroom or to identify an operator, individual identification informationfor a customer, sensitive personal information (assets, value ofsecurities, and storage data such as storage space), sensitive corporateinformation [sales activity materials (such as customer data andmerchandise data) and research activity materials (such as mathematicalexpressions, chemical formulas, and other numeric data in researchresult lists and details in research reports)].

[0003] For example, it relates to cryptographic keys used for userauthentication in electronic commerce as well as those used to protectsecret information stored in a personal computer or mobile telephoneagainst loss and theft and those used as entrant-limited control oroperator-limited control cryptographic keys to inhibit an unauthorizedperson's access to a storage medium of a server.

[0004] In addition, the present invention is not limited to onlineapplications such as user authentication in electronic commerce but isfinding offline applications such as recording on a recording medium,transporting printout or image outputs through facsimile or by mail, andtransporting and storing in movable or storable form such as printedmatter or floppy disks as well as other wide applications such asstoring on a recording medium of a computer.

BACKGROUND ART

[0005] To protect these kinds of secret information, passwords of pluraldigits and/or characters and/or IC cards have been commonly used. Inaddition to or in place of such prior passwords, there exists userauthentication means for authenticating a user by means of fingerprintsor other physical features. Such an IC card maybe used by someone otherthan the owner or authorized user of the IC card if it is lost orthieved.

[0006] In addition, as a prior safety measure against loss and theft ofan authentication card which has secret information with cryptographickeys recorded thereon, an authentication request from an unauthorizedperson may be denied to reject an online connection made by that person,resulting in a transaction failure. However, there is no system toactively invalidate an electronic key (authentication card) used for anunauthorized access or inform that there occurs an unauthorized accessto a restricted area or electronic device.

[0007] Therefore, if an authentication card which has secret informationwith cryptographic keys recorded thereon is lost, replicated, and/orthieved, there is no safety measure to be taken when the card is usedfraudulently by an unauthorized person in bad faith, when a deceitfuluser authentication request is made by an unauthorized person in badfaith, or when an authorized user placed under the control of anunauthorized person in bad faith makes a user authentication request(authentication data entry).

[0008] It is an object of first and second embodiments of the presentinvention to provide means of concealing and storing secret informationas well as a method of protecting secret information, wherein thesemeans and method have functions as user authentication means but do notneed fingerprint recognition or other physical feature userauthentication means. It is also an object of these embodiments toprovide means of concealing, recording, and storing secret informationsuch as corporate information and technical information.

[0009] It is an object of a third present invention to detect accessfrom an authorized user placed under the control of an unauthorizedperson in bad faith to allow for protection and preservation of both theuser and the system.

[0010] It is an object of fourth through ninth invention to establish analarm system and a system for informing that there occurs anunauthorized access to a restricted area or electronic device as asafety measure to be taken when secret information with cryptographickeys, a recording medium including such secret information, or anelectronic and/or communication device having such a recording medium isthieved or lost, or fraudulently used by means of an invalidauthentication card or leaked authentication data.

DISCLOSURE OF INVENTION

[0011] The first invention (claims 1 through 4) provides a SecretInformation Record Medium for secret information, wherein a single orplural items of true data are interspersed among numerous items of falsedata and the false and true data are composed of two-dimensional codedata in plural groups having different areas, and wherein thelocation(s) and/or storing order of the item(s) of true datainterspersed among the numerous items of false data are determined andpresented to a user.

[0012] The second invention (claims 5 through 7) provide a SecretInformation Protective storing Method, wherein a single or plural itemsof true data encrypted by applying two-dimensional codes to secretinformation are interspersed among numerous items of false data, andwherein the location(s) and/or storing order of the item(s) of true datawith respect to the numerous items of false data are held in a user'smemory for memory authentication (brain authentication) to prevent anyunauthorized person from decrypting the secret information.

[0013] The third invention (claim 8) provides a Secret InformationProtective storing Method wherein items of true data indicatingdecryption keys for encrypted secret information are interspersed amongnumerous items of false data for concealment and the locations andreading order of the items of true data interspersed among the numerousitems of false data are held in a user's memory.

[0014] The fourth invention (claim 9) provides a Secret InformationProtective storing method of concealing, recording, and storing secretinformation interspersed with true information and false information,wherein the true information is divided into plural items andinterspersed among numerous items of the false information to concealthe true information, wherein numerous items of true data indicating thelocations of the items of true information and numerous items of falsedata indicating the locations of the items of false information areprovided, and wherein the locations and storing order of the items oftrue data interspersed among the numerous items of false data aredetermined from a user's memory.

[0015] The invention of claim 10 is achieved, in the invention of claim9 by referring to a graphic sheet which includes coloring,illustrations, graphics, and landscapes, when the locations and order ofthe items of true data interspersed among the numerous items of falsedata are determined from a user's memory.

[0016] The fifth invention (claim 11) provides a System for ReportingEmergency such as Theft or conferment when Secret Information isaccessed, wherein during the input of a password upon userauthentication in an internet transaction, a user adds an alarm signalthat is set in advance for informing that he or she is placed under thecontrol of an unauthorized person, and the system detects that the useris under an abnormal condition by detecting the alarm signal, whereuponthe system performs a protection/preservation measure.

[0017] The sixth invention (claim 12) provides a System for ReportingEmergency such as Theft or conferment hen Secret Information isaccessed, wherein during the input of a password upon userauthentication in an internet transaction, a user adds an alarm signalthat is set in advance for informing that he or she is placed under thecontrol of an unauthorized person, and the system detects that the useris under an abnormal condition by detecting the alarm signal, whereuponthe system performs a normal user authentication procedure as well asperforms a protection/preservation measure.

[0018] The seventh invention (claim 13) provides a system for informingtheft, confinement, and other emergency conditions occurring duringoperations on secret information, wherein during the input of a passwordupon user authentication in an internet transaction, a user deletes analarm signal that is set in advance in a password for informing that heor she is placed under the control of an unauthorized person, and thesystem detects that the user is under an abnormal condition by detectingthe alarm signal, whereupon the system performs aprotection/preservation

[0019] The eighth invention (claim 14) provides a and System forReporting Emergency such as Theft or conferment when Secret Informationis accessed, wherein the number of items of matching data to be recordedon a recording medium is selected to include a single item of true dataand plural items of false data to provide a user authentication datarecording medium which has the matching data interspersed with thesingle item of true data and the plural items of false data, wherein inrecording secret information with cryptographic keys on the userauthentication data recording medium, one of the numerous items ofmatching data is determined to be the true data and the remaining itemsof matching data are determined to be the false data, whereininformation indicated by the single item of true data is determined tobe authentication data indicating the secret information with thecryptographic keys on the user authentication data recording medium,wherein in using the user authentication data recording medium to enterthe authentication data, the single item of true data is selected fromthe user authentication data recording medium, thereby determining thatthe true authentication data is selected and validating the userauthentication, and wherein in selecting the single item of true datafrom the user authentication data recording medium during the inputoperation by means of the user authentication data recording medium, ifat least one item of false data is included in the input data, it isdetermined that a theft-causing unauthorized access is attempted andthen the user authentication is invalidated with a theft alarmgenerated.

[0020] The ninth invention (claim 15) is achieved, in the invention ofclaim 8, by including plural items of true data in the userauthentication data recording medium. More specifically, several ones ofthe numerous items of matching data are determined to be the true databy specifying the locations and order of them, the remaining items ofmatching data are determined to be the false data, and informationindicated by the plural items of true data is determined to beauthentication data on the user authentication data recording medium.Thus, the plural items of true data are selected from the userauthentication data recording medium in a correct order during the inputoperation by means of the user authentication data recording medium,thereby determining that the true matching data is selected andvalidating the user authentication.

[0021] The tenth invention (claim 16) is achieved, in the claim 8 andclaim 9, by determining some of the false data as confinement informingdata and adding it to the true data to include at least one item ofconfinement informing data, thereby determining that the user is placedunder the control of an unauthorized person and validating the userauthentication with a confinement informing alarm generated.

[0022] More specifically, in recording secret information withcryptographic keys on the user authentication data recording medium, oneor several ones of the numerous items of matching data are determined tobe the true data with a reading order determined, the remaining items ofmatching data are determined to be the false data, information indicatedby the single or plural items of true data in the correct reading orderis determined to be authentication data indicating the secretinformation with the cryptographic keys on the user authentication datarecording medium, and some of the false data is determined to beconfinement informing data. During the input operation by means of theuser authentication data recording medium, the single or plural items oftrue data from the matching data and the reading order are selected andthe confinement informing data is added, thereby determining that thetrue authentication data is selected and validating the userauthentication. Then, if at least one item of confinement informing datais included in addition to the true data, it is determined that the useris placed under the control of an unauthorized person and a controlcenter validates the user authentication with a confinement informingalarm generated.

BRIEF DESCRIPTION OF DRAWINGS

[0023]FIG. 1 is an explanatory drawing for showing a first embodiment ofa recording and storage card which includes secret information composedof two-dimensional code data.

[0024]FIG. 2 is an explanatory drawing for showing a second embodimentof the card.

[0025]FIG. 3 is an explanatory drawing for showing a third embodiment ofthe card.

[0026]FIG. 4 is an explanatory drawing for showing a fourth embodimentof the card.

[0027]FIG. 5 is an explanatory drawing of two-dimensional codes, whichare composed of small squares in FIG. 5a, large squares in FIG. 5b, andrectangles in FIG. 5c, respectively.

[0028]FIG. 6 is an explanatory drawing for showing a fifth embodiment ofthe recording and storage card which includes secret informationcomposed of two-dimensional code data.

[0029]FIG. 7 is a schematic drawing for showing recording and readingoperations on a card 1.

[0030]FIG. 8 is a block diagram for showing the same operations as shownin FIG. 7.

[0031]FIG. 9 is an explanatory drawing of encrypted information.

[0032]FIG. 10 is an explanatory drawing of address cards.

[0033]FIG. 11 is an explanatory drawing of address cards includingillustrations.

[0034]FIG. 12 is a flowchart of the fifth invention.

[0035]FIG. 13 is a flowchart of the sixth invention.

[0036]FIG. 14 is a flowchart of the seventh invention.

[0037]FIG. 15 is an explanatory drawing of a user authentication datarecording card.

[0038]FIG. 16 is an explanatory drawing of a user authentication datarecording card for an embodiment which uses matching data of differentshapes.

[0039]FIG. 17 is an explanatory drawing of user authentication datarecording cards for showing an embodiment in which two-dimensionallycoded data is recorded.

[0040]FIG. 18 is an explanatory drawing of user authentication datarecording cards for showing an embodiment in which marks and symbols areused as matching data.

[0041]FIG. 19 is an explanatory drawing of reading means for matchingdata in the second embodiment and also shows the functions of a controlcomputer.

[0042]FIG. 20 is an explanatory drawing for showing the system operationof an emergency conditions informing system according to the eighththrough tenth embodiments.

[0043]FIG. 21 is a flowchart for showing the same system operation asshown in FIG. 21.

[0044]FIG. 22 is an explanatory drawing for showing the embodiment ofthe tenth invention in a similar manner to FIG. 19.

[0045]FIG. 23 is a flowchart for showing the seventh embodiment of thetenth invention.

BEST MODE FOR CARRYING OUT THE INVENTION

[0046] According to the invention of claims 1 and 2, a user who holds arecording and storage card including secret information oftwo-dimensional code data composed of a single or plural items of truedata interspersed among numerous items of false data, determines andselects the location(s) and the reading order of the item(s) of truedata among the numerous items of false data from the user's own memory,so that the secret information of two-dimensional data is reproduced andprovided to a computer directly or through a communication line.

[0047] In the invention of claim 3, the user refers to illustrations orgraphics composed of the numerous items of false data and true data asauxiliary means, in determining and selecting the locations and thereading order of the items of true data among the numerous items offalse data from the user's own memory.

[0048] In the invention of claim 4, the user also refers toillustrations or graphics which exist in the background to the numerousitems of false data and true data, in determining and selecting thelocations and the reading order of the items of true data among thenumerous items of false data from the user's own memory.

[0049] According to the invention of claims 5 through 7, the location(s)and the storing order of the single or plural items of true data withrespect to the numerous items of false data are determined from the usermemory authentication (brain authentication) to select the single orplural items of true data interspersed among the numerous items of falsedata, so that the secret information with cryptographic keys isdecrypted for reproduction.

[0050] According to the embodiment of claim 8, the user determines andselects the locations and the reading order of the items of true datawhich indicate decryption keys, from among the numerous items of falsedata from the user's own memory in decrypting the encrypted secretinformation.

[0051] According to the embodiment of claim 9, the locations and theorder of the items of true data for true information interspersed amongthe numerous items of false data are determined from the user's memory,and according to the embodiment of claim 8, the determination from theuser's memory is accomplished by using, as auxiliary means, a graphicsheet which includes coloring, illustrations, graphics, and landscapes.

[0052] Now, the present invention will be described below in detail withreference to the drawings.

[0053] Referring to FIGS. 1 through 3, the reference numeral 1designates a recording and storage card including secret information, onwhich a single or plural items of true data A are interspersed amongnumerous items of false data B and the false data B and the true data Aare encrypted by applying two-dimensional codes thereto.

[0054] The single or plural items of true data A and the numerous itemsof false data B are arranged in groups of different sizes. Therefore,all the items of false data B and true data A cannot be identifiedvisually. Recorded data items of two-dimensional codes may be differentfrom each other or some of the recorded data items may be in a group ofnumerous identical data items.

[0055] Moreover, the items of false data B and true data A may be inidentical shape (for example, a square) or in different shapes such as asquare, a rectangle, and a circle and such different shapes may allowthe user to hold the locations of the items of true data A in the user'smemory more easily. For this purpose, it is assumed that any differencein size or shape is irrelevant to whether the data is true or false andthus, the data cannot be authenticated based on any difference in sizeor shape.

[0056]FIG. 1 shows that a single item of true data A and numerous otheritems of data are in identical shape (for example, a square) but of twodifferent sizes, that is, larger squares and smaller squares.

[0057] Referring to FIG. 1, it is assumed that a collection of firstunit records 10 and second unit records 12 represents an apartmenthouse, the second unit records 12 represent collectively a staircaseand/or elevator, and the first unit records 10 represent dwellings inthe apartment house.

[0058] To locate cryptographic keys, it is also assumed that the seconddwelling on the right side of the staircase on the second floor is theitem of true data A and all the others are items of false data B.

[0059]FIG. 2 shows that plural items of true data A and other items ofdata are represented by squares and rectangles as three types of unitrecords, that is, first unit records 10, second unit records 12, andthird unit records 13.

[0060] The first unit records 10 in smaller square shape representdwellings, the second unit records 12 in larger square shape representcollectively a staircase and/or elevator in a similar manner to FIG. 1,and the third unit records 13 in rectangular shape representcollectively an anti-disaster floor in order to facilitate holding in auser's memory where the items of true data A are located.

[0061]FIG. 3 shows the embodiment and that a “robot” is represented asan illustration or graphic formed of numerous items of false data andtrue data.

[0062] To determine and select the locations of the items of true datainterspersed among the numerous items of false data from a user'smemory, it is assumed that a rectangle “above the robot's left eye”represents a first item of true data A1, a larger square “in the middleof the robot's belly” represents a second item of true data A2, and asmaller square at the toe of “the robot's left leg” represents a thirditem of true data A3.

[0063] Such auxiliary means as the robot's “eye”, “belly”, and “leg” canbe used to facilitate determination of the locations of the items oftrue data and the order of selecting them from the numerous items offalse data.

[0064]FIG. 4 shows the embodiment that a landscape is represented as abackground to the numerous items of false data and true data.

[0065] In the figure, the landscape is placed over the graphics formedof a collection of the numerous items of false data and the items oftrue data interspersed among them. It should be noted that a landscapesheet with the landscape printed on a transparent sheet can be placedover a data sheet with the collection of the numerous items of falsedata and true data displayed thereon to overlay or superimpose thelandscape.

[0066] To determine and select the items of true data interspersed amongthe numerous items of false data from a user's memory, it is assumedthat a rectangle in the leftmost one of “three pine trees on a mountain”represents a first item of true data A01, a larger square in the cargoon an “on-river ship” represents a second item of true data A02, and asmaller rectangle nearest to a bridge among “three stones near thebridge” represents a third item of true data A03.

[0067] Such auxiliary means as the “trees on a mountain”, “on-rivership”, and “stones near the bridge” can facilitate determination of thelocations of the items of true data and the order of selecting them fromthe numerous items of false data.

[0068] Next, data obtained by applying two-dimensional codes will bedescribed below with reference to FIG. 5.

[0069] The two-dimensional codes include grid-arranged (matrixed)squares or rectangles, concentrically-arranged circles, and multilevelbar codes and it has the advantages that, as compared withone-dimensional bar codes of data units, the amount of information canbe increased in a series manner because of its two-dimensionalarrangement, that numerous different items of data can be visuallyapproximated by making a change to a data unit to vary the data to bedisplayed, and that numerous items of data with different sizes andshapes can be also considered as identical items of data. The firstembodiment of the present invention makes use of these advantages.

[0070] In FIG. 5, the two-dimensional codes are composed ofgrid-arranged (matrixed) squares or rectangles, that is, smaller squaresin FIG. 5a, larger squares in FIG. 5b, and rectangles in FIG. 5c, andthe respective recorded items of two-dimensional data indicate anidentical numerical value or mark throughout the three figures. Inaddition, the reference numeral 14 designates a border of data range and15 designates two-dimensional code data.

[0071] In the above-described embodiment, coloring can facilitatedetermination of the locations of the items of true data and the orderof selecting them from the numerous items of false data in recording thedata on a recording medium or in printed form.

[0072] Next, the second embodiment will be described below.

[0073] According to the embodiment of claim 3, some items of true dataencrypted by applying two-dimensional codes to secret information withcryptographic keys are interspersed among numerous items of false data,and the locations of the item of true data with respect to the numerousitems of false data are held in a user's memory for memoryauthentication (brain authentication) to prevent any unauthorized personfrom decrypting the secret information.

[0074] The second through fourth embodiments (claims 3 through 7) can beimplemented by using a recording and storage card for secret informationwith cryptographic keys encrypted by two-dimensional data according tothe first embodiment and another recording and storage card for secretinformation with cryptographic keys encrypted by two-dimensional data asshown in FIG. 6 can be also used.

[0075] In a card shown in FIG. 6, two-dimensional data for each item ofdata is in identical shape, that is, a square of the same size. Asequence of alphanumeric characters are added for assisting in holdingthe locations and reading order of the items of true data in a user'smemory. It should be noted that alphanumeric characters (for example,B2, B1, F1, F2, F3, . . . ) may be added to the cards shown in FIGS. 1and 2 as memory assistance for the locations and reading order of theitems of true data.

[0076] Referring to FIGS. 7 and 8, recording and reading operations on acard 1 will be described below.

[0077] It is assumed that among twenty codes printed on the card 1,sixteen codes are dummies. A password is divided into four parts, whichare placed in the upper second location, the lower fifth location, thelower sixth location, and the upper ninth location from the left end(see FIG. 6). It is assumed that these four parts are read out in theorder of “E-9-2-F”.

[0078] An authorized user who knows this order uses a handheld orpen-type scanner 2 to sequentially read out the lower fifth location #1,the upper ninth location #2, the upper second location #3, and the lowersixth location #4 as shown in FIG. 7 while ignoring the other codelocations. An accessed system receives a restored password of hundredsthrough thousands of digits and/or characters to identify the authorizeduser.

[0079] Referring to FIGS. 7 and 8, the reference numeral 3 designates aterminal unit, 4 designates a keyboard, 5 designates a communicationnetwork such as Internet, 6 designates a central control computer, and 7designates data.

[0080] Next, the third embodiment (claim 6) and the fourth embodiment(claim 7) will be described below.

[0081] Encrypted information 20 in FIG. 9 is divided into three items oftrue information P1, P2, P3, which are interspersed among items of falseinformation Q1, Q2, . . . to conceal the true information. Thus, thefalse information Q and the true information P cannot be discriminatedfrom their appearances.

[0082] The items of true information P1, P2, P3 are assigned 5, A, and

(a katakana character) as items of address information p (true data) andthe other items of false information Q1, Q2, • • • • are assignednumbers other than 5, alphabetic characters other than A, and katakanacharacters other than

as items of address information q (false data).

[0083] Referring to FIG. 10, both the items of true data P and the itemsof false data Q are placed on address cards 21A, 21B, and 21C.

[0084] Then the user selects the items of true data 5, A, and

from among the items of false data through memory authentication (brainauthentication).

[0085] To facilitate secure selection of the reading order, these itemsof data can be colored in red, yellow, and blue.

[0086] If two-dimensional codes are applied, the embodiments as shown inFIGS. 1 through 4 and FIG. 6 can be used. In addition, as shown in FIG.11, marks and symbols other than alphanumeric characters can be alsoused.

[0087] It should be noted that the third and fourth embodiments (claims8 through 10) are not limited to optical/printed two-dimensional codesbut they are applicable to non-optical/non-printed indexed data blocksand optical/non-optical symbols. The algorithm used for theseembodiments is also applicable not only to some items of data printed astwo-dimensional codes but to those printed as symbols or to data blocksor symbols which are not printed but indexed and recorded on a storagemedium.

[0088] The above-described first through fourth embodiments (claims 1through 10) can facilitate input operations of authentication data usedfor user authentication as well as selection of true authentication datafrom numerous items of false data, thereby holding it in one's memorymore easily. In addition, since the number of items of false data isequal to that of alphanumeric characters, these embodiments can preventany unauthorized person from decrypting authentication symbols forgreater safety. A recording medium storing corporate information and/orpersonal information can be concealed more securely. Moreover,cryptographic keys for user authentication and secret information suchas corporate information and/or personal information can be treated in amore secret manner for online applications and offline applications aswell as in recording and storing on a recording medium in a computeritself.

[0089] Since the number of items of data is equal to the number ofalphanumeric character strings of plural digits, these embodiments canprevent any unauthorized person from decrypting authentication symbolsfor greater safety. A recording medium storing corporate informationand/or personal information can be concealed more securely.

[0090] Subsequently, the third through seventh embodiments (claims 11through 13) will be described below.

[0091] Referring to a flowchart shown in FIG. 12, [“123947=] is set as apassword for user authentication in an internet transaction (or in othercases including the operation of a cash dispenser, user authenticationupon a credit, or a key number for opening a key of a doorway, a safe ora case for a recording medium) and an authorized user is informed ofthis password in advance. Specifically, a password obtained by adding[”] and to the original password [123947], i.e., a password obtained byadding [”] to the first place of the original password [123947] and [=]to the last place thereof, is set as an alarm signal.

[0092] The alarm signal may be set irrelevant to the password. Forexample, the one having [”] at the first place, [=] at the last placeand numerical strings between [”] and [=] may be set as the alarm signal(i.e., [123947] in the above-mentioned [“123947=] is changed tonumerical strings irrelevant to the password). Further, the position of[”] and the numerical strings between [”] and [=] are composed ofoptional numerals in optional digit numbers. When randomly selectedsymbols are assigned to each user as additional signals, this alarmsignal cannot be known other than the authorized user. Accordingly, anunauthorized person in bad faith cannot detect the sending of this alarmsignal.

[0093] During the input operation of a password for the above-mentioneduser authentication, the user informs that he or she is placed under thecontrol of an unauthorized person by adding the above-mentioned alarmsignal set in advance.

[0094] A system detects that the user is under an abnormal condition bydetecting the alarm signal, and it is to perform aprotection/preservation measure. In the invention of claim 2 withreference to FIG. 13, the user authentication is completed ignoring theexistence of the alarm signal.

[0095] As the protection/preservation measure, the system leads theaccess to a false web page that is prepared beforehand for transmittinginformation that is similar to but not the same as the true informationand does not give great damage to its organization, facility orcorporation even if it is leaked.

[0096] Even in the case where there is no such preparation and theoutflow of true information (for example, remittance instruction or thelike) is missed for a safety of user's life and body, the system canpromptly set about a user rescue, detection of an invader orcomplementary activity if it grasps the abnormal condition on real time.

[0097] In this case, the system never asks the user the question of “Isthere anything abnormal?”. The system persistently proceeds theprocessing, or false processing. Or a danger occurs that the user isimmediately exposed to a revenge of the unauthorized person because theuser does not follow the instruction.

[0098] When a method is applied wherein numerous passwords are dividedinto plural parts and the one in which false items are interspersed isrecorded and printed to any medium so that only the authorized usermemorizes the position and restoration order of the true data, thisalarm signal can be concealed, thereby enhancing practicability.Specifically, it is enough to together select this data block uponemergency, so that the process can easily be performed even under thetense condition. Similarly, another method can be applied wherein analarm signal is added or inserted upon sending so-called authenticationinformation other than a password such as decrypted open keys orcryptographic keys.

[0099] Further, this software algorithm can be applied not only to thepassword but also to the other authentication method. In the case offingerprint authentication, the fingerprint on the third finger of theright hand is, for example, determined as a signal that completes theauthentication but alarms the occurrence of the abnormal condition. Inthe case of signature recognition, a second signature maybe registeredfor this purpose. In case where symbols are used for authenticationwithout using characters or numerals, one or plural symbols may beassigned to each user for this purpose.

[0100] In the seventh embodiment (claim 13), referring to a flowchartshown in FIG. 14, a user inputs a password by adding an alarm signal setin advance in user authentication in an internet transaction. Forexample, the user adds [#] to [A1234], i.e., inputs [A1234#]. The userdeletes [#] at the end and inputs [A1234] for informing that he or sheis placed under the control of unauthorized person. The preservationmeasure after this is the same as that shown in the fifth embodiment(claim 11) and the sixth embodiment (claim 12).

[0101] The fifth through seventh embodiments detects an access from auser placed under the control of an unauthorized person in bad faith inuser authentication in an internet transaction, thereby being capable ofprotecting and preserving both the user and the system. Providing thealarm signal continued from the original password assuredly specify asender of the alarm signal and further reduces “prank sending” or“miss-sending” of the alarm signal. Moreover, specifying an alarm signalevery user can reduce “prank sending” or “miss-sending” of the alarmsignal.

[0102] Now, the eighth through tenth embodiments (claims 14 through 16)will be described below.

[0103]FIG. 15 shows a user authentication data recording card A1 as auser authentication data recording medium used with the presentinvention and numerous items of matching data a such as kanji characterstrings, alphanumeric character strings, image and/or audio data aretwo-dimensionally coded and recorded on the data recording card throughrecording means which is capable of optically and/or magneticallyreading data.

[0104]FIG. 16 shows matching data in different shapes a1, a2, a3.

[0105]FIG. 17 shows matching data printed by a computer-controlledprinter or magnetically recorded and the two-dimensional coding as shownin the figure can allow for recording identical data irrespective ofdata shapes. In addition, the two-dimensional coding can make itdifficult to discriminate visibly recorded data items because they areprinted in substantially identical appearances.

[0106] It should be noted that the present invention is not limited tothe two-dimensional codes as described above and one-dimensional codes,symbols including illustrations and caricatures, alphanumeric characterstrings, kanji character strings, words and phrases can be used asmatching data. Therefore, matching data may include character stringsand image and/or audio data which can be manipulated by a computer formatching operations.

[0107] A recording medium of the user authentication data recording cardA1 may be a portion of an optically readable printing card or amagnetically recording area formed on a portion of a card such as acredit card. Alternatively, the data recording card may be anelectrically recording medium such as an IC card.

[0108]FIG. 18 shows an embodiment of the user authentication datarecording medium (user authentication data recording card A) whichincludes marks and symbols as matching data a4, a5, a6.

[0109] Before issuing the above-described user authentication datarecording medium 1 to each user, a single or plural items of true data Pare determined from numerous items of matching data a and all theremaining items of matching data are determined to be plural items offalse data Q, and then the matching data consisting of the single orplural items of true data and the plural items of false data arerecorded on the user authentication data recording medium. It should benoted that when plural items of true data P are used, the order ofreading the items of true data P is also determined. For example, asshown in FIG. 12, the items of true data are determined to be P1=E,P2=9, P3=2, and P4=F to complete the user authentication data recordingmedium 1 (user authentication data recording card A1) as a matchingcard.

[0110] The location of an item of true data or the locations and thereading order of plural items of true data in the user authenticationdata recording medium 1 (user authentication data recording card A1) aredetermined and recorded in a recording unit of a CPU or central controlcomputer 6 to allow the computer to perform a matching operation forauthentication data recorded on the user authentication data recordingmedium 1 (user authentication data recording card A1) presented by aholder thereof.

[0111] Next, a process of entering authentication data on a userauthentication data recording medium 1 (user authentication datarecording card A1) will be described below.

[0112] Referring to FIG. 19, the authentication data on the userauthentication data recording medium 1 (user authentication datarecording card A1) as shown in FIG. 15 is entered into a terminal unit 3through a pen-type scanner 2 and then transmitted directly or through acommunication line (Internet) to a CPU connected to the terminal unit.

[0113] For each authorized user, four predetermined items of data amongthe twenty items of matching data are entered in a particular order.More specifically, the lower fifth item #1, the upper ninth item #2, theupper second item #3, and the lower sixth item #4 are read out in thisorder. These items of data are alphanumeric characters “E-9-2-F” asshown in FIG. 15. The handheld scanner 2 reads all the items of data onthe user authentication data recording medium 1 and then items ofauthentication data selected through selective input means such as akeyboard 4 are transmitted to the CPU or central control computer 6 viathe terminal unit 3.

[0114] In addition to the recording unit described above, the CPU orcentral control computer 6 includes a true data discriminator, a falsedata discriminator, a confinement informing data discriminator, a truedata counter, a false data counter, a user authentication signalgenerator, a theft alarm (unauthorized access alarm) generator, and aconfinement informing message generator.

[0115] The operation performed by the CPU or control computer 6 totransmit the authentication data as described above will be describedbelow with reference to an operational flow explanatory drawing of FIG.20 and a flowchart of FIG. 8.

[0116] When four particular items of data are entered in a particularorder (for example, the user authentication data recording medium 1 inFIG. 15 is used to enter the four items of true data P1=E, P2=9, P3=2,and P4=F in the order of “E-9-2-F”), the process goes on as shown by theleft-hand flow in FIG. 21. Namely, steps S1, S2, S3, and S4 areperformed in this order to complete a user authentication operationsuccessfully.

[0117] If any item of true data is entered in an incorrect order (anyitem of false data is entered or any item of data which does not existin the user authentication data (noise data) is entered), this isconsidered as an authentication error to cause a branch at any of thesteps S1, S2, S3, and S4, resulting in a user authentication failure.Then, if the error count exceeds a predetermined value, for example,three at step S5, the authentication access is terminated. If the errorcount is less than the predetermined value, for example, it is two orless, another authentication access may be permitted.

[0118] If items of false data are entered, the process goes on as shownby the central flow in the figure and steps S6, S7, S8, and S9 areperformed in this order to store the items of false data in therecording means of the CPU or computer 6, counting the entered items offalse data.

[0119] If the false data count is two or more, a branch is caused at anyof steps S10, S11, and S12 to detect an “unauthorized access”.

[0120] If the false data count is one during four input operations, thisis considered as a “misoperation” to allow for entering matching dataagain.

[0121] As an alternative to the method of interspersing predetermineditems of true data among items of false data as described above, a userauthentication recording medium with numerous items of matching data a,irrespective of whether these items are true or false (that is, withoutpredetermined items of true and false data) may be given to a user toallow the user to select some items of true data from among them withthe remaining items to be assumed as those of false data. Namely, theuser may be given a temporary right to select items of true and falsedata and also items of confinement informing data.

[0122] If a particular one among numerous items of false data isdetermined as an item of “alarm data” and such an item of alarm data isentered after the steps S1, S2, S3, and S4 have been performed in thisorder to complete the user authentication operation successfully(namely, after the four items of true data have been entered), a userauthentication and confinement informing message is generated andtransmitted upon detection of any item of “confinement informing data”at step S13.

[0123] In an embodiment shown in FIGS. 22 and 23, all items of datarecorded in a user authentication data recording medium 1 (userauthentication data recording card A1) can be read by a card reader andthen items of authentication data selected by selective input means suchas a keyboard can be transmitted to a CPU or central control computer 6via a terminal unit 3. Alternatively, as described below, a computerincluded in an electronic device terminal unit may be used toelectronically record the content of a user authentication datarecording medium (user authentication data recording card A) as well asto record it in a control center (authentication data registrationcomputer) online or offline, so that matching data strings entered asauthentication data based on the user-transmitted record can be enteredin a control center (authentication computer) online or offline formatching the authentication data. It should be noted that alphanumericcharacters, binary comparison, image comparison, and other datacomparison techniques may be used for matching.

[0124] Referring to FIG. 25, a CPU or central control computer 6A in acontrol center (authentication data registration computer) has an inputdata storage in addition to the functional means as shown in FIG. 5 forthe first embodiment [the true data discriminator, the false datadiscriminator, the confinement informing data discriminator, the truedata counter, the false data counter, the user authentication signalgenerator, the theft alarm (unauthorized access alarm) generator, andthe confinement informing message generator].

[0125] The operation performed by the CPU or control computer 6A totransmit the authentication data as described above will be describedbelow with reference to a flowchart of FIG. 10. When four particulardata are entered in a particular order (for example, the userauthentication data recording medium 1 in FIG. 12 is used to enter thefour items of true data P1=E, P2=9, P3=2, and P4=F in the order of“E-9-2-F”) and authentication data in a recording unit matches theauthentication data in the input data storage, it is determined thattrue authentication data is entered to complete a user authenticationoperation successfully. If the authentication data in the recording unitdoes not match the authentication data in the input data storage (anyitem of true data is entered in an incorrect order or any item of falsedata is entered or any item of data which does not exist in the userauthentication data (noise data) is entered), this is considered as anauthentication error, resulting in a user authentication failure.

[0126] Then, if the false data count is less than a predetermined value,for example, it is one or less, another authentication access may bepermitted.

[0127] If the false data count is equal to or more than thepredetermined value, for example, it is two or more, this is consideredas an “unauthorized access” to generate a theft alarm.

[0128] If a particular one among numerous items of false data isdetermined as an item of “alarm data” and such an item of alarm data isentered after the user authentication operation has been completedsuccessfully (namely, after the four items of true data have beenentered), a user authentication and confinement informing message isgenerated and transmitted upon detection of any item of “confinementinforming data”.

[0129] If the content of a user authentication data recording medium isrecorded in a recording unit of a computer built in a mobile telephoneor portable terminal unit, recording means in a portable electronicdevice can be used to allow the control center to issue a userauthentication data recording medium by recording similar information tothat in a user authentication data recording card, that is, numerousitems of matching data a, in the recording means of the portableelectronic device, determining items of true data P from the items ofmatching data a, and determining and recording authentication data for aholder of the portable electronic device in the recording means of theportable electronic device and a computer in the control center.

[0130] During a user authentication operation, the numerous items ofmatching data a are provided on a display of the portable electronicdevice to allow the user to specify the locations of the items of truedata P from the user's memory for transmitting them to the controlcenter (authentication data registration computer). If any item of falsedata Q is transmitted, it will be informed or alarmed that the portableelectronic device (such as a mobile telephone or an entrantauthentication device) may be lost or thieved. If any item of“confinement informing data” is detected, a user authentication andconfinement informing message will be generated and transmitted.

[0131] To specify the locations of the items of true data P, a keyboard(including a ten key pad or a dial), a touch screen, or other computerinput means may be used. For an application wherein a userauthentication operation must be performed offline without anycommunication to the control center, a single device may include allfunctions to be performed by the computer in the authentication dataregistration center as well as the authentication computer shown in FIG.19. For example, an entrant controller can unlock a door to permitsomeone to enter the room only through user authentication without anycommunication to an external computer. However, such a controller can beset to generate and transmit a theft alarm or confinement informingmessage through communication means for online communication tosecurity.

[0132] Particularly, under circumstances where a user confinementinforming message is required, a communication to security in additionto permission to enter the room and operate an electronic device may beeffective for both user rescue and security of the electronic device andthe electronic device control room.

[0133] The eighth invention uses a single item of true data P. As soonas an item of false data Q is detected, a loss or theft is informed oralarmed.

[0134] The ninth invention uses plural items of true data P andgenerates an alarm upon detection of plural items of false data Q,thereby reducing erroneous alarms due to input mistakes.

[0135] In addition to the features of the eighth and tenth invention,the invention can generate and transmit a confinement informing messageupon detection of any item of “confinement informing data”. Therefore,when the fifth or sixth embodiment is implemented, the additionalfeature to generate and transmit a confinement informing message upondetection of any item of “confinement informing data” as shown in FIG.23 can be omitted.

[0136] The eighth through tenth inventions (claims 14 through 16) canuse a user authentication data recording medium 1 on which numeroussimilar items of matching data are recorded, and these embodiments canalso select items of true data from among the numerous similar items ofmatching data from a user's memory to securely prevent an unauthorizedperson from making a user authentication request based on authenticationdata. If the authentication data to be transmitted includes an item offalse data, generation of a theft alarm can enhance the feature toprevent an unauthorized access through a lost or thieved userauthentication data recording medium.

[0137] Furthermore, as same as inventions of claims 11 through 13, theseinventions can be effective for protecting and preserving both the userand the system against access from the user, if the user is placed underthe control of an unauthorized person in bad faith.

INDUSTRIAL APPLICABILITY

[0138] The present invention provides means for concealing, recording,and storing secret information such as corporate information andtechnical information. The present invention also establishes an alarmsystem as a safety measure to be taken when secret information withcryptographic keys, a recording medium including such secretinformation, or an electronic and/or communication device having such arecording medium is thieved or lost, or fraudulently used by means ofleaked authentication data. The present invention further establishes asystem for informing that there occurs an unauthorized access to arestricted area or electronic device. In addition, the present inventioncan detect access from an authorized user placed under the control of anunauthorized person in bad faith to allow for protection andpreservation of both the user and the system. Therefore, the presentinvention is very useful in industrial fields where a secret informationrecording medium which has secret information with cryptographic keysrecorded thereon, such as an authentication card, is used.

1. A secret information record medium, wherein a single item of truedata is interspersed among numerous items of false data and the falseand true data are composed of two-dimensional code data in plural groupshaving different areas, and wherein the location of the item of truedata interspersed among the numerous items of false data is determinedand presented to a user.
 2. A secret information record medium, whereinplural items of true data are interspersed among numerous items of falsedata and the false and true data are composed of two-dimensional codedata in plural groups having different areas, and wherein the locationsand storing order of the items of true data interspersed among thenumerous items of false data are determined and presented to a user. 3.A secret information record medium according to claim 1 or 2,characterized by the user refers to illustrations or graphics composedof the numerous items of false data and true data as auxiliary means, indetermining and selecting the locations and the reading order of theitems of true data among the numerous items of false data from theuser's own memory.
 4. A secret information record medium according toclaim 1 or 2, characterized by the user also refers to illustrations orgraphics which exist in the background to the numerous items of falsedata and true data, in determining and selecting the locations and thereading order of the items of true data among the numerous items offalse data from the user's own memory.
 5. A secret informationprotection method, wherein a single item of true data encrypted byapplying two-dimensional codes to secret information with cryptographickeys for entrant-limited and/or operator-limited control is interspersedamong numerous items of false data, and wherein the location of the itemof true data with respect to the numerous items of false data is held ina user's memory for memory authentication to prevent any unauthorizedperson from decrypting the secret information.
 6. A secret informationprotection method, wherein plural items of true data encrypted byapplying two-dimensional codes to secret information with cryptographickeys for entrant-limited and/or operator-limited control areinterspersed among numerous items of false data, and wherein thelocations and storing order of the items of true data with respect tothe numerous items of false data are held in a user's memory for memoryauthentication to prevent any unauthorized person from decrypting thesecret information.
 7. A secret information protection method accordingto claim 5 or 6, wherein said false and true data are printed on a papercard so that they can be read by an optical reader for datareproduction.
 8. A secret information protective storing method, whereinitems of true data indicating decryption keys for encrypted secretinformation are interspersed among numerous items of false data forconcealment and the locations and reading order of the items of truedata interspersed among the numerous items of false data are held in auser's memory.
 9. A secret information protective storing method,wherein true information is divided into plural items and interspersedamong numerous items of false information to conceal the trueinformation, wherein numerous items of true data indicating thelocations of the items of true information and numerous items of falsedata indicating the locations of the items of false information areprovided, and wherein the locations and storing order of the items oftrue data interspersed among the numerous items of false data aredetermined from a user's memory.
 10. A secret information protectivestoring method according to claim 9, wherein true information is dividedinto plural items and interspersed among numerous items of falseinformation to conceal the true information, wherein numerous items oftrue data indicating the locations of the items of true information andnumerous items of false data indicating the locations of the items offalse information are provided, and wherein the locations and storingorder of the items of true data interspersed among the numerous items offalse data are determined from a user's memory by referring to a graphicsheet which includes coloring, illustrations, graphics, and landscapesto specify portions of the graphic sheet.
 11. A system for reportingemergency such as theft or conferment when secret information isaccessed, wherein during the input of a password upon userauthentication in an internet transaction, a user adds an alarm signalthat is set in advance for informing that he or she is placed under thecontrol of an unauthorized person, and the system detects that the useris under an abnormal condition by detecting the alarm signal, whereuponthe system performs a protection/preservation measure.
 12. A system forreporting emergency such as theft or conferment when secret informationis accessed, wherein during the input of a password upon userauthentication in an internet transaction, a user adds an alarm signalthat is set in advance for informing that he or she is placed under thecontrol of an unauthorized person, and the system detects that the useris under an abnormal condition by detecting the alarm signal, whereuponthe system performs a normal user authentication procedure as well asperforms a protection/preservation measure.
 13. A system for reportingemergency such as theft or conferment when secret information isaccessed, wherein during the input of a password upon userauthentication in an internet transaction, a user deletes an alarmsignal that is set in advance in a password for informing that he or sheis placed under the control of an unauthorized person, and the systemdetects that the user is under an abnormal condition by detecting thealarm signal, whereupon the system performs a protection/preservation.14. A system for reporting emergency such as theft or conferment whensecret information is accessed, wherein the number of items of matchingdata to be recorded on a recording medium is selected to include asingle item of true data and plural items of false data to provide auser authentication data recording medium which has the matching datainterspersed with the single item of true data and the plural items offalse data, wherein in recording secret information with cryptographickeys on said user authentication data recording medium, one of thenumerous items of matching data is determined to be the true data andthe remaining items of matching data are determined to be the falsedata, wherein information indicated by the single item of true data isdetermined to be authentication data indicating the secret informationwith the cryptographic keys on the user authentication data recordingmedium, wherein in using the user authentication data recording mediumto enter the authentication data, the single item of true data isselected from the user authentication data recording medium, therebydetermining that the true authentication data is selected and validatingthe user authentication, and wherein in selecting the single item oftrue data from the user authentication data recording medium during theinput operation by means of the user authentication data recordingmedium, if at least one item of false data is included in the inputdata, it is determined that a theft-causing unauthorized access isattempted and then the user authentication is invalidated with a theftalarm generated.
 15. A system for reporting emergency such as theft orconferment when secret information is accessed, wherein the number ofitems of matching data to be recorded on a recording medium is selectedto include plural items of true data and plural items of false data toprovide a user authentication data recording medium which has thematching data interspersed with the plural items of true data and theplural items of false data, wherein in recording secret information withcryptographic keys on said user authentication data recording medium,several ones of the numerous items of matching data are determined to bethe true data by specifying the locations or features and order, theremaining items of matching data are determined to be the false data,and information indicated by the plural items of true data is determinedto be authentication data indicating the secret information with thecryptographic keys on the user authentication data recording medium,wherein during the input operation by means of the user authenticationdata recording medium, the plural items of true data are selected fromthe user authentication data recording medium in a correct order,thereby determining that the true authentication data is selected andvalidating the user authentication, wherein in selecting the pluralitems of true data from the user authentication data recording mediumduring the input operation by means of the user authentication datarecording medium, if the number of items of false data included in theinput data is equal to or more than a predetermined number, it isdetermined that a theft-causing unauthorized access is attempted andthen the user authentication is invalidated with a theft alarmgenerated, and wherein a control center which detects the generatedtheft alarm prevents subsequent use of said user authentication datarecording medium.
 16. A system for reporting emergency such as theft orconferment when secret information is accessed, wherein the number ofitems of matching data to be recorded on a recording medium is selectedto include a single or plural items of true data and plural items offalse data to provide a user authentication data recording medium whichhas the matching data interspersed with the single or plural items oftrue data and the plural items of false data, wherein in recordingsecret information with cryptographic keys on said user authenticationdata recording medium, one or several ones of the numerous items ofmatching data are determined to be the true data with a reading orderdetermined, the remaining items of matching data are determined to bethe false data, information indicated by the single item of true data orthe plural items of true data in the correct reading order is determinedto be authentication data indicating the secret information with thecryptographic keys on the user authentication data recording medium, andsome of the false data is determined to be confinement informing data,wherein during the input operation by means of the user authenticationdata recording medium, the single or plural items of true data from thematching data on the user authentication data recording medium and thereading order are selected and said confinement informing data is added,thereby determining that the true authentication data is selected andvalidating the user authentication, and wherein if at least one item ofconfinement informing data is included in addition to the true data, itis determined that the user is placed under the control of anunauthorized person and a control center validates the userauthentication with a confinement informing alarm generated.